I noted that the way OrientDB authenticate user for every HTTP access is by expecting username:password encoded in base64 for every HTTP call. Isn't that a bad idea.
I think, username:password should only be expected once at the time of login (HTTP connect call). Once connect is successful, OrientDB should return session ID and in consecutive call to ORientDB server that session ID should be sent in place of username:password combination. Using sessionID OrientDB should be able to fetch current logged-in user and and its details at server end to perform specific actions. Can we achieve above in OrientDB (for HTTP REST calls) ? Regards, Gaurav -- --- You received this message because you are subscribed to the Google Groups "OrientDB" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
